I am looking at a use case where a worker would be a great fit. However, I need to lockdown access. Normally, I would simply setup a firewall rule and white list the IP addresses.
However, the mechanism access is a Amazon Lambda (actually a OpenFaas equivalent). As such the IP is dynamically assigned at runtime and so my usual approach does not work.
What are my options? I have looked at Cloudflare Access / Teams - but to be honest know very little about it - could this be used?
Of course I could assign an header value and search for this since the machine to machine access is SSL - however, it does not see feel like a great approach.
Does anyone have experience of this or have any recommendations?
What is your plan?
Depending on your plan type, you could do different things!
Lockdown feature (requires PRO plan)
You can use the “zone lockdown” feature, however, this will require at least a PRO plan
Firewall rule creation
You could create firewall rules with any plan, however, on a free plan, you can only create 3 firewall rules! I would go with at least a PRO plan! This allows more firewall rules than the free plan, AND, unlocks the WAF feature!
I hope all of this helps!
Thanks so much for your thoughts - I do have a pro plan, so all good there. However, I do not know the source IP address as it is dynamic. I guess what I am thinking is that in an ideal world, I would use some sort of key in the header, however, I cannot see this in the WAF as an option. Can you think of any further options? Any further thoughts would be much appreciated…
Thank you! I will check that out the TransformRule